The mainstream 10.0 editions of Flash can yield to critical vulnerability which is being exploited in by hackers according to Adobe. The 9.x editions of Adobe Reader and Acrobat which incorporate 10.0 Flash compatibility are also vulnerable.

The 10.1 generation of Flash, is not affected by this vulnerability. Users can download the 10.1 beta from Adobe which is also built into current versions of Google's Chrome browser. The 8.x generation of Acrobat is unaffected.

Adobe calls this a critical vulnerability and claimed it could cause a crash and allow the attacker to take control of the system in the context of the user running the affected product.

Reader and Acrobat 9.x users can mitigate the vulnerability by deleting, renaming or denying access to the authplay component which, on Windows, is typically located at C:Program FilesAdobeReader 9.0Readerauthplay.dll for Adobe Reader or C:Program FilesAdobeAcrobat 9.0Acrobatauthplay.dll for Acrobat. After this change users who open a PDF with SWF content will experience a non-exploitable crash. Adobe is still working on a schedule for patches for the affected products.

Click here for details.